Skills
skills/aradotso/trending-skills/flipoff-split-flap-display/Snyk

flipoff-split-flap-display

Warn

Audited by Snyk on Mar 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The SKILL.md "Common Patterns" section includes an explicit fetch example (fetch('/api/departures') — "e.g., a flight API") that ingests third‑party JSON and uses it to build and display messages via board.setMessage (and trigger sound.play), so untrusted external API/content could directly influence runtime behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 26, 2026, 09:14 PM
Issues
1